Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/40318891-5508-4eb6-bace-e245fbeb145a.roa
File:                     40318891-5508-4eb6-bace-e245fbeb145a.roa (raw, json)
Hash identifier:          vCg4QRsDZYaod/96U6BvjL9ySjPb8Tm6fMUDOHYm+eA=
Subject key identifier:   96:A8:05:42:4E:35:BA:F4:9D:2E:70:AB:DA:B9:57:3E:C6:0F:0B:02
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       1771C3B6069060BE4DAD1BB361A314E90B93078D
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/40318891-5508-4eb6-bace-e245fbeb145a.roa
Signing time:             Fri 21 Mar 2025 15:01:22 +0000
ROA not before:           Fri 21 Mar 2025 15:01:22 +0000
ROA not after:            Fri 25 Apr 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        176.34.160.0/19 maxlen: 19
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            17:71:c3:b6:06:90:60:be:4d:ad:1b:b3:61:a3:14:e9:0b:93:07:8d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Mar 21 15:01:22 2025 GMT
            Not After : Apr 25 23:59:59 2025 GMT
        Subject: CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:b8:d3:e8:aa:b5:9c:dd:b0:2b:ca:70:64:8b:
                    24:24:46:fb:75:d0:70:d4:c1:48:a9:a8:5a:ee:d5:
                    09:72:7e:bb:e2:92:01:39:c6:a1:31:15:8b:e2:c0:
                    56:82:c4:eb:53:c9:e0:70:c0:a3:19:fc:b2:cd:01:
                    b4:8d:37:9d:14:03:fb:02:7e:82:b2:52:66:52:d7:
                    e7:7a:ac:8e:0a:9c:77:a8:35:1b:f4:20:23:73:7b:
                    92:77:64:c7:69:88:71:f5:e6:76:93:f0:25:32:02:
                    18:5e:9e:a1:7e:d4:04:ba:e6:7f:21:3b:17:e7:99:
                    ea:4e:e6:d1:d4:44:f9:8f:5c:4e:15:a3:83:a0:a6:
                    6c:e0:6b:1b:fd:62:a3:9d:32:3c:2c:35:36:6e:21:
                    4f:19:d0:29:8b:3e:b5:e2:e9:f1:f9:0d:2c:1d:7a:
                    ca:cf:30:4c:8a:78:9e:6e:95:84:3f:5f:81:91:e2:
                    8e:65:dd:38:8d:2b:6b:83:74:81:28:f4:15:12:c5:
                    5c:c3:39:e1:a0:66:71:53:36:fe:a3:36:98:22:03:
                    f0:21:5c:2e:ec:8e:57:51:ee:de:4f:38:f5:23:d1:
                    01:48:b4:61:3a:14:15:37:da:48:bd:d1:04:e6:87:
                    97:6f:bf:6d:13:b5:3c:4e:6a:37:39:f6:a8:50:a4:
                    e5:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                96:A8:05:42:4E:35:BA:F4:9D:2E:70:AB:DA:B9:57:3E:C6:0F:0B:02
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/40318891-5508-4eb6-bace-e245fbeb145a.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.34.160.0/19

    Signature Algorithm: sha256WithRSAEncryption
         c9:66:3c:2a:d5:d5:b8:16:7e:7c:ae:50:03:a6:55:10:30:2e:
         c9:94:f1:d0:8f:8a:27:c3:67:a3:6a:87:86:86:bd:85:8c:82:
         32:6c:a9:b7:3c:35:8c:d7:00:e0:dd:49:22:d4:24:03:f2:9a:
         e2:45:8a:91:54:81:3b:36:b4:e3:78:eb:5a:05:cd:cc:bc:21:
         1e:01:2e:1f:f2:31:c6:30:95:5b:37:ef:0a:e6:87:8f:58:eb:
         cc:52:6b:e2:38:e9:f4:bc:35:2e:11:15:37:6d:f7:a8:94:0e:
         4e:90:be:a9:3e:e0:d4:28:3f:69:6a:1d:a7:d8:95:c8:cd:32:
         3d:7a:23:8e:d8:79:18:10:1b:22:82:45:48:d3:aa:80:8e:25:
         e3:9c:80:68:6e:95:9e:e6:68:65:1c:d4:5b:3c:e8:f3:15:16:
         27:60:2a:fa:78:c5:a5:aa:91:d9:d8:b4:46:ae:2e:bb:26:fa:
         4a:95:42:39:75:4b:d5:5e:7f:ad:88:e1:d3:59:ba:d2:03:ac:
         07:ba:14:2f:75:a6:01:5b:79:cc:8c:f2:cb:2e:19:e2:78:d8:
         f5:e3:d2:02:50:8e:70:ac:74:27:99:b0:7e:ae:fa:6c:b5:98:
         0a:dc:5d:12:b5:e7:87:13:ca:d2:c0:2b:a0:fc:68:65:4d:5f:
         04:7c:69:05
-----BEGIN CERTIFICATE-----
MIIFXjCCBEagAwIBAgIUF3HDtgaQYL5NrRuzYaMU6QuTB40wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTAzMjExNTAxMjJaFw0yNTA0MjUyMzU5NTlaMHoxSTBHBgNV
BAUTQGJiZTVjNmQxZTZmMDNiNTU2ZDRmMjljZGIyNWY3NTBmMTY1YmZiMTdiYjQw
YThhYjBiMjU1YjlhMGRmNjM1ODcxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALa40+iqtZzdsCvKcGSLJCRG+3XQcNTBSKmoWu7VCXJ+u+KSATnGoTEVi+LA
VoLE61PJ4HDAoxn8ss0BtI03nRQD+wJ+grJSZlLX53qsjgqcd6g1G/QgI3N7kndk
x2mIcfXmdpPwJTICGF6eoX7UBLrmfyE7F+eZ6k7m0dRE+Y9cThWjg6CmbOBrG/1i
o50yPCw1Nm4hTxnQKYs+teLp8fkNLB16ys8wTIp4nm6VhD9fgZHijmXdOI0ra4N0
gSj0FRLFXMM54aBmcVM2/qM2mCID8CFcLuyOV1Hu3k849SPRAUi0YToUFTfaSL3R
BOaHl2+/bRO1PE5qNzn2qFCk5TUCAwEAAaOCAiEwggIdMB0GA1UdDgQWBBSWqAVC
TjW69J0ucKvauVc+xg8LAjAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
NDAzMTg4OTEtNTUwOC00ZWI2LWJhY2UtZTI0NWZiZWIxNDVhLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEBbAioDAN
BgkqhkiG9w0BAQsFAAOCAQEAyWY8KtXVuBZ+fK5QA6ZVEDAuyZTx0I+KJ8Nno2qH
hoa9hYyCMmyptzw1jNcA4N1JItQkA/Ka4kWKkVSBOza043jrWgXNzLwhHgEuH/Ix
xjCVWzfvCuaHj1jrzFJr4jjp9Lw1LhEVN233qJQOTpC+qT7g1Cg/aWodp9iVyM0y
PXojjth5GBAbIoJFSNOqgI4l45yAaG6VnuZoZRzUWzzo8xUWJ2Aq+njFpaqR2di0
Rq4uuyb6SpVCOXVL1V5/rYjh01m60gOsB7oUL3WmAVt5zIzyyy4Z4njY9ePSAlCO
cKx0J5mwfq76bLWYCtxdErXnhxPK0sAroPxoZU1fBHxpBQ==
-----END CERTIFICATE-----